Apple's iPhone <eta: and other smartphones?> tracks users every movement

[editor]

People live in houses and aren't in them during the day - this won't tell burglars any more than they know already tbf

What? Come on! Access to this info would tell someone precisely where you worked and what times you were out of the house. And if you worked nights, they'd know that your house was empty.

No matter what the source, I'd be deeply unhappy if someone got such info on my whereabouts. That's why I keep my Facebook profile set to private.

 

[magneze]

People live in houses and aren't in them during the day - this won't tell burglars any more than they know already tbf

Quite. So being able to get their after-dark movement patterns is quite useful. When do they always go out, how far away are they and how long are they away.

I think this is unlikely tbh, but for all we know this might have happened already if someone unscrupulous had already found this file.

 

[Kanda]

And if you worked nights, they'd know that your house was empty.

your partner might not work nights

 

[editor]

your partner might not work nights

Or they might not have a partner.

 

[magneze]

Relatively simple to cross reference this data and find out how many people live somewhere.

 

[magneze]

I wonder how long it will take for Apple to put together an update to remote wipe this data on every iOS device.

I wonder how long it will take someone to stick a trojan horse app into the app store to retrieve this data.

1.. 2.. 3.. GO

 

[editor]

Quite. So being able to get their after-dark movement patterns is quite useful. When do they always go out, how far away are they and how long are they away.

I think this is unlikely tbh, but for all we know this might have happened already if someone unscrupulous had already found this file.

I don't think it's going to kick-start a spate of burglaries, but there is ample evidence of people being burgled after they posted up revealing information on Twitter and Facebook profiles, so I can see how some ne'er do wells will welcome access to the iPhone's stealth location file.

Personally, I think it's more likely to be looked up by suspicious husbands/wives, bosses and private investigators. Either way, there's no excuse for Apple storing and maintaining such a log file and if it was Android or anyone else keeping such a log of my whereabouts, I'd be just as mightily miffed.

 

[magneze]

Actually, it's not clear if this data is available to apps, so the scenario I've outlined might not be possible. Still, this is a massive breach of trust.

 

[editor]

Have any iPhone users given this a go yet?
http://petewarden.github.com/iPhoneTracker/

From their FAQ:

What’s so bad about this?
The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.

The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it’s kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.

By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements.

 

[Kid_Eternity]

If they did a survey of smartphone users and asked: "would you be happy if your handset secretly stored an unprotected, easily accessible file containing timestamped location info for all your movements?" what percentage of users do you think would answer, " Sure, why not, it's all meh to me?"

I could be wrong, but I suspect you're in a real minority here.

I raised this in the office, the response was nothing but real concern to outrage. Two people won't own an iPhone off this and one iPhone owner wasn't very happy at all.

I'm going to ask more non techy/geek iPhone owners I know to see what their reaction is...

 

[metalguru]

I tried the iphone tracker. Main thing it told me is that I haven't been outside Central London since I got my iphone last August (correct).

Still not very happy that this information is being stored.

 

[magneze]

As this info is stored on your PC/Mac then any malware could also access this information. Arguably this is a much greater risk than a rogue iOS app.

 

[editor]

It may not even be legal:

Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center, said it is possible Apple is violating the Wireless Communications and Public Safety Act, which allows telecom carriers to provide call information only in emergency situations.

“By asking for permission to collect location data, Apple may be trying to get around its legal obligations, by asking people to give up privacy rights they don’t even know they have,” Nissim said.

She added that a potential privacy concern is that law enforcement would be able to subpoena these types of records from people’s iPhones or iPads.

http://www.wired.com/gadgetlab/2011/04/iphone-tracks/

 

[FridgeMagnet]

These are data that are stored on individual devices and PCs and not sent anywhere. There's no legal issue there; it isn't data collection by a third party.

It is certainly a personal security liability, in that the user would not (previously) be aware that those data were being stored so wouldn't be able to make informed security choices about encryption or not to use the device; it also just simply seems not to have had any real purpose anyway, and you don't store sensitive data you don't need, that's security first principles.

 

[FridgeMagnet]

Actually, it's not clear if this data is available to apps, so the scenario I've outlined might not be possible.

If it were accessible to apps we would have heard about this a long time ago! iOS apps are very sandboxed and have strict user-controlled access to location data.

 

[magneze]

If it were accessible to apps we would have heard about this a long time ago! iOS apps are very sandboxed and have strict user-controlled access to location data.

Indeed, but your average PC is not - this is probably the greater danger.

 

[elbows]

Wahey, I met Pete Warden once, computer visuals-related stuff, never dreamed Id find him in the news one day for helping to expose this Apple horror, especially as I met him just before he went off to work for Apple on some graphics stuff.

Have downloaded his app, off to try it now.

 

[Refused as fuck]

I know all of this looks bad but Sunray hasn't yet explained how it's actually all Google's fault and Apple are completely innocent of all charges. And I reserve judgement until s/he does.

 

[Macabre]

I bet the News of the World journos would have loved for this sort of info.

 

[editor]

These are data that are stored on individual devices and PCs and not sent anywhere. There's no legal issue there; it isn't data collection by a third party.

It is certainly a personal security liability, in that the user would not (previously) be aware that those data were being stored so wouldn't be able to make informed security choices about encryption or not to use the device; it also just simply seems not to have had any real purpose anyway, and you don't store sensitive data you don't need, that's security first principles.

How ever you spin it, they should not have been secretly and insecurely storing this data - and transferring it over phone upgrades and desktop computers - without a user's explicit permission.

Dr Ian Brown, a senior research fellow at the Oxford Internet Institute, said: “I certainly think it's something they should have brought much more to the attention of the user, and that it should only be switched on after an explicit user decision.”
Daniel Hamilton, director of the privacy lobby group Big Brother Watch said: “iPhone users will rightly be concerned that their movements are being covertly monitored in this way.
“Apple has a duty to immediately provide their customers with details about how to disable this invasive software."

http://www.telegraph.co.uk/technolo...one-tracks-users-location-in-hidden-file.html

 

[FridgeMagnet]

That's twice now you've implied I'm posting "pro-Apple spin" and then said something practically identical to what I actually posted.

 

[Bungle73]

Surely this is only of concern if you leave location services on all time time? Doing so drains the battery so I leave mine off most of the time.

Only I have access to my Mac, I can remote wipe my iPhone.

Not justifying their behaviour, just saying why I'm not too bothered by this.

You don't need a Mac to do that, you can do it from any computer provide you sign up for it; shows you where your phone is too.

 

[Bungle73]

How ever you spin it, they should not have been secretly and insecurely storing this data - and transferring it over phone upgrades and desktop computers - without a user's explicit permission.

I'm pretty sure it's in their T&Cs which no one bothers to read (I'm guilty too).

 

[editor]

That's twice now you've implied I'm posting "pro-Apple spin" and then said something practically identical to what I actually posted.

I haven't suggested you were "pro Apple" but I'm disagreeing with your firm insistence that there is "no legal issue" here. I suspect there may be, no matter what the (generally unread) T&Cs say.

 

[FridgeMagnet]

Surely this is only of concern if you leave location services on all time time? Doing so drains the battery so I leave mine off most of the time.

These aren't GPS data, it seems to be a log from the base stations used which is automatic when not in airplane mode, so it's not affected by location services. You could leave it in airplane mode all the time I suppose

 

[Bungle73]

These aren't GPS data, it seems to be a log from the base stations used which is automatic when not in airplane mode, so it's not affected by location services. You could leave it in airplane mode all the time I suppose

If it's not using GPS its not going to that accurate is it?

 

[FridgeMagnet]

If it's not using GPS its not going to that accurate is it?

Accurate enough to form a general picture of movements, not to track you by satellite. It would certainly be very useful to a PI. (Intelligence services, as said before, can already theoretically get this location data from your mobile company if they're legit.)

 

[FridgeMagnet]

I haven't suggested you were "pro Apple" but I'm disagreeing with your firm insistence that there is "no legal issue" here. I suspect there may be, no matter what the (generally unread) T&Cs say.

I can't see what laws it contravenes to store personal data on a personal device which isn't then distributed, and I note that commentators (hotfooted by journos on a newly-breaking story) are hedging their bets and saying "well it might possibly be against X but in general it's very bad practice and shouldn't be done". It is very bad practice and shouldn't be done but there will not be any lawsuits here.

 

[Gromit]

Breaking news: 100,000 drug dealers have just thrown their iphones into a river.

dave

They all use burners. I seen it on the Wire so truedat.

 

[editor]

I like Wired's headline: "iPhone Tracks Your Every Move, and There's a Map for That"